Phishing URL Scanner — Result Reference Guide

This guide explains every field in your scan results and how to interpret them. The scanner loads the target URL in a sandbox, follows redirects, inspects headers and scripts, and calculates a risk score based on observed issues.

You can try the live tool here: https://itknowledgebases.com/phishing-check/

Important: Legitimate websites can produce medium or high risk scores, especially login pages that use script obfuscation, bot mitigation, or single sign-on (SSO). For this reason, the report includes a screenshot. Use your own knowledge and judgment to decide whether the page you were sent is legitimate.

Final URL

What it is: The destination after all redirects. If it differs from the input URL, the page forwarded automatically.

Why it matters: Reveals protocol upgrades (http→https), tracking, link shorteners, and potential cloaking or phishing behavior.

Status

What it is: The HTTP status code returned by the server (e.g., 200, 301/302, 403/404, 429, 5xx).

Why it matters: A 429 indicates rate limiting or anti-bot controls; 3xx shows redirects; 5xx indicates server errors.

SSL Valid

What it is: Whether a valid HTTPS certificate is in use.

Why it matters: Invalid or absent TLS can allow interception or tampering.

Redirects

What it is: A chain of all forwards encountered (e.g., http:// → https:// → login.example.net).

Why it matters: Multiple hops can slow pages and hide destination changes; unexpected domains warrant review.

Title

What it is: The page’s <title> text.

Why it matters: Mismatched titles or generic placeholders can indicate templated or deceptive pages.

Meta Tags

What it is: Key <meta> entries (e.g., viewport, description, robots, og:*).

Why it matters: Missing or unusual values affect SEO and can hint at auto-generated or cloaked pages.

Third Party Domains

What it is: External hosts for scripts, images, and styles.

Why it matters: Excessive or unrelated third parties increase risk and tracking exposure.

Suspicious Third Parties

What it is: Highlighted external domains that appear unrelated or risky.

Why it matters: Any domain flagged here should be manually verified.

Signals

What it is: Behavioral and structural indicators extracted from the page.

Signal	Meaning
`credentialishForm`	True if a login or credential capture form is present.
`hasPassword`	True if an input of type `password` exists.
`microsoftImpersonation`	True if the page mimics Microsoft branding.
`brandMention`	Detected brand name in text or markup (helps spot impersonation).
`obfuscatedInlineScripts`	Count of inline scripts that look minified/encoded; used by both legitimate and malicious sites.

Issues (High / Medium / Low)

What it is: Findings grouped by severity.

High: Clearly dangerous behavior (known phishing patterns, credential harvest, or malware scripts).
Medium: Suspicious or deceptive behavior (hidden text, misleading redirects).
Low: Configuration weaknesses (missing headers like HSTS, CSP, or Referrer-Policy).

Risk Score

What it is: Numeric score (0–100) summarizing potential risk from headers, scripts, redirects, domain age, and signals.

How to use: Higher scores suggest higher risk, but always confirm using the screenshot and your own context.

Severity

What it is: Text label corresponding to the risk score:

low: 0–29
medium: 30–69
high: 70–100

Timings

navTimeoutMs: Maximum allowed navigation time before abort.
totalMs: Total elapsed time for the scan.

Artifact

Stored report filename (e.g., latest.json) for API retrieval or debugging.

Ok

Indicates the scan completed successfully without fatal errors.

Headers

Raw HTTP response headers from the server. Important examples include:

content-security-policy — restricts resource loading to mitigate XSS.
strict-transport-security — enforces HTTPS.
x-frame-options — prevents clickjacking.
referrer-policy — controls referrer leakage.

CSP Info

Shows whether a Content-Security-Policy is present and valid. Missing CSP increases exposure to script injection.

Session Data

Cookies or storage items detected. Look for secure flags (Secure, HttpOnly) and review for tracking identifiers.

Console Errors

Browser console messages captured during load (e.g., blocked resources, 4xx/5xx errors). Helpful for debugging anti-bot or resource failures.We do block resource heavy objects from loading.

_cache

Indicates whether the result came from cache (hit: true) or a live scan (false).

Cached results save cost and time for repeat queries.

How to Use the Screenshot

The screenshot provides visual verification. Even legitimate pages may appear “high risk” due to complex JavaScript, authentication flows, or obfuscation. Use the screenshot to confirm the expected branding, domain, and certificate. If those align with your expectations, the page is likely legitimate despite flagged indicators.

Next Steps

Website owners: add missing headers, verify SSL/TLS, and reduce redirect chains.
Security reviewers: treat risk scores as signals, confirm using the screenshot and WHOIS/DNS data.
SEO analysts: ensure title/description tags are present, avoid hidden text, and verify canonical settings.